Title :
Entropy based intrusion detection
Author :
Yoshida, Kenichi
Author_Institution :
Graduate Sch. of Bus. Sci., Tsukuba Univ., Tokyo, Japan
Abstract :
An intrusion detection system is an important component in protecting computer security. Most of the current commercially available intrusion detection systems use signature-based rules to detect attacks. A serious defect with this approach is that it only detects attacks that have been seen previously. It cannot detect newly encountered attacks. As a means to overcome this defect, various research has been undertaken using data mining to automatically detect newly encountered attacks. Our research follows this approach. However, we propose the use of an entropy based data mining method without using the APRIORI based data mining method which is commonly used in the previous research on intrusion detection. Because the results of APRIORI are noisy, post-processing of its results is necessary. However, the use of entropy alleviates this defect.
Keywords :
data mining; entropy; safety systems; attack automatic detection; computer security protection; data mining; entropy based intrusion detection; Association rules; Business; Computer networks; Computer security; Data mining; Engines; Entropy; Intrusion detection; Learning systems; Protection;
Conference_Title :
Communications, Computers and Signal Processing, 2003. PACRIM. 2003 IEEE Pacific Rim Conference on
Print_ISBN :
0-7803-7978-0
DOI :
10.1109/PACRIM.2003.1235912